SOURCE: AirTight Networks, Inc.
July 22, 2010 10:35 ET
AirTight Security Researcher Uncovers Wi-Fi Vulnerability in WPA2; 'Hole196' Demos Planned at Black Hat and DEFCON
Encrypted Wi-Fi Vulnerable Despite AES Encryption and 802.1x Authentication
MOUNTAIN VIEW, CA--(Marketwire - July 22, 2010) - AirTight Networks, the leading provider of wireless intrusion prevention systems and services (WIPS) announced today that senior wireless security researcher, Md Sohail Ahmad has uncovered just how easy it is to hack into an encrypted wireless network without breaking the encryption key. A documented, yet little known, vulnerability of the Wi-Fi WPA2 security protocol, which AirTight has named 'Hole 196,' exposes secured wireless networks to a key "loophole" that allows authorized users to bypass private key encryption and authentication. AirTight researcher, Md. Sohail Ahmad, will be demonstrating this vulnerability at the Black Hat Arsenal and at DEFCON18 in a presentation entitled "WPA Too?!" in Las Vegas on July 29th and July 31st respectively.
Additional information on Ahmad's presentation is available at http://airtightnetworks.com/WPA2-Hole196 and AirTight will present a public Webinar after the conferences on August 4 to detail its findings. Those wishing to register for the Webinar, may do so on that page.
While AirTight's findings indicate that this vulnerability is only exploitable by an authorized user of the wireless network, insider threats continue to be the biggest challenge to IT and source of loss to the business. In the January 2010 Cybersecurity Watch Survey by CERT, CSO and Deloitte noted, "51% of respondents who experienced a cyber security event were still victims of an insider attack," even though most of the top 15 security policies were aimed at preventing insider attacks. Additionally, the report said that "Insider incidents are more costly than external breaches," which makes this vulnerability even more concerning.
"This important vulnerability is in fact buried on the last line of page 196 of the IEEE 802.11 Revised Standard published in 2007," said Pravin Bhagwat, CTO of AirTight. "That's the reason we gave the vulnerability the moniker 'Hole196.'"
"Unlike the TJX breach where data was stolen over unsecured Wi-Fi, this finding is concerning because organizations are relying on WPA2 for its strong encryption and authentication. Since there is no fallback in the 802.11 standard to address this hole, AirTight felt it was important to raise awareness around it," added Bhagwat. "As any security best practice you need a layered approach because one size does not fit all."
How "Hole196" Works
Unlike the WPA-TKIP vulnerability (announced in November 2008) that was largely of theoretical interest, the "Hole 196" vulnerability can be practically exploited using existing open source software as the basis. And the footprint of such insider attacks is limited to the air, making them among the stealthiest of insider attacks known requiring no key cracking and no brute force! The only way to detect this is by monitoring traffic over the air.
AirTight Networks is the global leader in wireless security and compliance solutions providing customers best-of-breed technology to automatically detect, classify, locate and block all current and emerging wireless threats. AirTight offers both the industry's leading wireless intrusion prevention system (WIPS) and the world's first wireless vulnerability management (WVM) security-as-a-service (SaaS). AirTight's award-winning solutions are used by customers globally in the financial, government, retail, manufacturing, transportation, education, health care, telecom, and technology industries. AirTight owns the seminal patents for wireless intrusion prevention technology with 15 U.S. patents granted or allowed, two international patents granted (UK and Australia), and more than 20 additional patents pending. AirTight Networks is a privately held company based in Mountain View, CA. For more information please visit www.airtightnetworks.com
AirTight Networks and the AirTight Networks logo are trademarks; AirTight and SpectraGuard are registered trademarks of AirTight Networks, Inc. All other trademarks are the property of their respective owners.